Hiring Cybersecurity Architect (IAM/PAM/Active Directory) in Phoenix, AZ

OmniStar Technologies is a 12-year-old enterprise IT solutions provider serving Fortune 500 clients across finance, healthcare, critical infrastructure, and public sector sectors across North America, with dedicated offices in Phoenix, AZ, Irving, TX, and Charlotte, NC. Our cybersecurity practice is the backbone of every client engagement we deliver, and we are seeking an experienced Cybersecurity Architect specializing in Identity and Access Management (IAM), Privileged Access Management (PAM), and Active Directory to join our growing team. This hybrid role requires 3 days per week in one of our three office locations, with 2 days of flexible remote work to balance collaborative in-person planning with focused independent execution. You will lead the end-to-end design, implementation, and ongoing optimization of identity security frameworks for our enterprise clients, ensuring full alignment with regulatory requirements and Zero Trust security principles.

Key responsibilities for this role include:
1. Design and deploy end-to-end IAM and PAM solutions for enterprise clients, including user provisioning, access request workflows, and privileged session monitoring, with a target of reducing unauthorized access incidents by 30% within the first 12 months of deployment for each client engagement.
2. Administer and harden on-premises and cloud-based Active Directory environments, including Group Policy Object (GPO) configuration, domain controller security patching, and hybrid Azure AD synchronization, ensuring 99.95% uptime for all client identity infrastructure under your management.
3. Develop and enforce Role-Based Access Control (RBAC) and least privilege access policies aligned with NIST SP 800-63 and industry-specific regulatory requirements (HIPAA, PCI DSS, SOX) for all client environments, with a goal of cutting over-provisioned access rights by 40% across all managed user accounts.
4. Lead the integration of IAM/PAM tools including Okta, CyberArk, and Azure AD with client SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel) to enable real-time anomaly detection and automated incident response for identity-related security threats.
5. Conduct regular access audits, quarterly privilege reviews, and annual compliance assessments for client environments, documenting findings and delivering actionable remediation roadmaps that reduce compliance audit findings by 25% year-over-year for managed clients.
6. Mentor junior security engineers and IAM analysts on industry best practices for identity security, Active Directory management, and PAM implementation, delivering a minimum of 4 hours of formal team training per month.
7. Collaborate with client IT, security, and compliance teams to align identity security strategies with core business objectives, leading bi-weekly stakeholder check-ins for all active client engagements under your ownership.
8. Evaluate emerging IAM, PAM, and identity security tools to improve operational efficiency, reduce costs, and close emerging security gaps for both internal teams and client environments.

Our security team operates in a low-bureaucracy, collaborative environment where technical expertise is prioritized over corporate hierarchy. We host monthly "security deep dive" sessions where team members present recent threat research or project wins, and we allocate 10% of paid work time for professional development and certification training, with all associated costs fully covered by the company. Hybrid team members have access to private collaboration pods in each office for focused work, as well as shared team spaces for cross-functional planning. We prioritize work-life balance, with no mandatory after-hours on-call rotations for this role unless pre-agreed for specific critical client deployments, with compensatory time off provided for any required after-hours work.

Required qualifications for this role:
- 7+ years of professional experience in cybersecurity, with at least 4 years focused on IAM, PAM, or Active Directory administration and architecture.
- Proven track record of designing and implementing enterprise IAM/PAM solutions using tools including Okta, CyberArk, Microsoft Azure AD, or SailPoint IGA.
- Deep expertise in on-premises and hybrid Active Directory, including Group Policy management, domain controller security hardening, and Azure AD synchronization.
- Strong working knowledge of access control frameworks including RBAC, ABAC, and least privilege principles, as well as familiarity with global and industry-specific regulatory requirements including HIPAA, PCI DSS, GDPR, and SOX.
- Bachelor’s degree in Computer Science, Information Security, or a related technical field, or equivalent professional experience; CISSP, CISM, or vendor-specific IAM certifications (Okta, CyberArk) are strongly preferred.
- Excellent communication skills, with the ability to explain complex technical security concepts to non-technical client stakeholders and executive leadership.

You will be expected to work with the following tools on a daily basis in this role:
- Identity platforms: Okta, Azure AD, on-premises/hybrid Active Directory, SailPoint IGA
- PAM tools: CyberArk, BeyondTrust, Thycotic
- Monitoring and analytics: Splunk, IBM QRadar, Microsoft Sentinel
- Cloud platforms: AWS (IAM, IAM Identity Center), Microsoft Azure
- Compliance frameworks: NIST SP 800-63, Zero Trust Architecture, CIS Controls

We offer a competitive total compensation package tailored to your experience level, with a base salary range of $145,000 to $185,000 annually for this role, plus an annual performance bonus of up to 15% of base salary. Additional benefits include:
- Full coverage of health, dental, and vision insurance for you and your dependents, with 90% of premium costs covered by the company.
- 401(k) retirement plan with 6% company match, fully vested from your first day of employment.
- Annual $3,000 professional development stipend for certifications, conferences, or training courses of your choice.
- 22 days of paid time off plus 10 paid company holidays, with additional paid time off available for volunteer work and professional development activities.
- Hybrid work flexibility with a $1,000 annual home office stipend to support your remote work setup.
- Relocation assistance of up to $5,000 for candidates moving to one of our office locations for the role.

As part of our growing cybersecurity practice, you will have clear, structured pathways for advancement to Senior Cybersecurity Architect, Security Practice Lead, or Director of Identity Security within 2-3 years of strong performance. We support internal mobility, allowing you to transition to client-facing delivery roles, internal security operations, or product security teams if your interests shift over time. We also cover all costs for advanced certifications including CISSP-ISSMP, CyberArk Certified Defender/Administrator, and Okta Certified Administrator to support your long-term career growth.

The hiring process for this role is designed to be transparent and efficient, with the following steps:
1. Initial 30-minute phone screen with our talent acquisition team to confirm alignment between your experience and the role requirements.
2. 60-minute technical interview with the lead of our cybersecurity practice, focused on your past IAM/PAM/Active Directory projects, problem-solving approach, and technical expertise.
3. 45-minute behavioral interview with client delivery leadership to assess collaboration, client communication skills, and cultural fit.
4. Final 30-minute conversation with the VP of Cybersecurity to discuss career goals, compensation expectations, and answer any remaining questions.
We aim to complete the full hiring process within 10 business days of receiving your application, with a target start date of within 3 weeks of offer acceptance. To apply, please send your resume and a brief summary of your most relevant IAM/PAM project experience to [email protected]. For questions about the role or application process, you can reach out directly via email or by calling 508-407-0460.